TBB: apply TBBR naming convention to certificates and extensions
This patch applies the TBBR naming convention to the certificates
and the corresponding extensions defined by the CoT:
* Certificate UUID names
* Certificate identifier names
* OID names
Changes apply to:
* Generic code (variables and defines)
* The default certificate identifiers provided in the generic
code
* Build system
* ARM platforms port
* cert_create tool internal definitions
* fip_create and cert_create tools command line options
* Documentation
IMPORTANT: this change breaks the compatibility with platforms
that use TBBR. The platform will need to adapt the identifiers
and OIDs to the TBBR naming convention introduced by this patch:
Certificate UUIDs:
UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT --> UUID_TRUSTED_BOOT_FW_CERT
UUID_SCP_FIRMWARE_BL30_KEY_CERT --> UUID_SCP_FW_KEY_CERT
UUID_SCP_FIRMWARE_BL30_CERT --> UUID_SCP_FW_CONTENT_CERT
UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT --> UUID_SOC_FW_KEY_CERT
UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT --> UUID_SOC_FW_CONTENT_CERT
UUID_SECURE_PAYLOAD_BL32_KEY_CERT --> UUID_TRUSTED_OS_FW_KEY_CERT
UUID_SECURE_PAYLOAD_BL32_CERT --> UUID_TRUSTED_OS_FW_CONTENT_CERT
UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT --> UUID_NON_TRUSTED_FW_KEY_CERT
UUID_NON_TRUSTED_FIRMWARE_BL33_CERT --> UUID_NON_TRUSTED_FW_CONTENT_CERT
Certificate identifiers:
BL2_CERT_ID --> TRUSTED_BOOT_FW_CERT_ID
BL30_KEY_CERT_ID --> SCP_FW_KEY_CERT_ID
BL30_CERT_ID --> SCP_FW_CONTENT_CERT_ID
BL31_KEY_CERT_ID --> SOC_FW_KEY_CERT_ID
BL31_CERT_ID --> SOC_FW_CONTENT_CERT_ID
BL32_KEY_CERT_ID --> TRUSTED_OS_FW_KEY_CERT_ID
BL32_CERT_ID --> TRUSTED_OS_FW_CONTENT_CERT_ID
BL33_KEY_CERT_ID --> NON_TRUSTED_FW_KEY_CERT_ID
BL33_CERT_ID --> NON_TRUSTED_FW_CONTENT_CERT_ID
OIDs:
TZ_FW_NVCOUNTER_OID --> TRUSTED_FW_NVCOUNTER_OID
NTZ_FW_NVCOUNTER_OID --> NON_TRUSTED_FW_NVCOUNTER_OID
BL2_HASH_OID --> TRUSTED_BOOT_FW_HASH_OID
TZ_WORLD_PK_OID --> TRUSTED_WORLD_PK_OID
NTZ_WORLD_PK_OID --> NON_TRUSTED_WORLD_PK_OID
BL30_CONTENT_CERT_PK_OID --> SCP_FW_CONTENT_CERT_PK_OID
BL30_HASH_OID --> SCP_FW_HASH_OID
BL31_CONTENT_CERT_PK_OID --> SOC_FW_CONTENT_CERT_PK_OID
BL31_HASH_OID --> SOC_AP_FW_HASH_OID
BL32_CONTENT_CERT_PK_OID --> TRUSTED_OS_FW_CONTENT_CERT_PK_OID
BL32_HASH_OID --> TRUSTED_OS_FW_HASH_OID
BL33_CONTENT_CERT_PK_OID --> NON_TRUSTED_FW_CONTENT_CERT_PK_OID
BL33_HASH_OID --> NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID
BL2U_HASH_OID --> AP_FWU_CFG_HASH_OID
SCP_BL2U_HASH_OID --> SCP_FWU_CFG_HASH_OID
NS_BL2U_HASH_OID --> FWU_HASH_OID
Change-Id: I1e047ae046299ca913911c39ac3a6e123bd41079
diff --git a/tools/cert_create/include/tbbr/tbb_cert.h b/tools/cert_create/include/tbbr/tbb_cert.h
index 2bc3be6..c0f7ba2 100644
--- a/tools/cert_create/include/tbbr/tbb_cert.h
+++ b/tools/cert_create/include/tbbr/tbb_cert.h
@@ -37,16 +37,16 @@
* Enumerate the certificates that are used to establish the chain of trust
*/
enum {
- BL2_CERT,
+ TRUSTED_BOOT_FW_CERT,
TRUSTED_KEY_CERT,
- BL30_KEY_CERT,
- BL30_CERT,
- BL31_KEY_CERT,
- BL31_CERT,
- BL32_KEY_CERT,
- BL32_CERT,
- BL33_KEY_CERT,
- BL33_CERT,
+ SCP_FW_KEY_CERT,
+ SCP_FW_CONTENT_CERT,
+ SOC_FW_KEY_CERT,
+ SOC_FW_CONTENT_CERT,
+ TRUSTED_OS_FW_KEY_CERT,
+ TRUSTED_OS_FW_CONTENT_CERT,
+ NON_TRUSTED_FW_KEY_CERT,
+ NON_TRUSTED_FW_CONTENT_CERT,
FWU_CERT
};
diff --git a/tools/cert_create/include/tbbr/tbb_ext.h b/tools/cert_create/include/tbbr/tbb_ext.h
index ecbe866..8589cf7 100644
--- a/tools/cert_create/include/tbbr/tbb_ext.h
+++ b/tools/cert_create/include/tbbr/tbb_ext.h
@@ -34,22 +34,22 @@
/* TBBR extensions */
enum {
- TZ_FW_NVCOUNTER_EXT,
- NTZ_FW_NVCOUNTER_EXT,
- BL2_HASH_EXT,
- TZ_WORLD_PK_EXT,
- NTZ_WORLD_PK_EXT,
- BL31_CONTENT_CERT_PK_EXT,
- BL31_HASH_EXT,
- BL30_CONTENT_CERT_PK_EXT,
- BL30_HASH_EXT,
- BL32_CONTENT_CERT_PK_EXT,
- BL32_HASH_EXT,
- BL33_CONTENT_CERT_PK_EXT,
- BL33_HASH_EXT,
- SCP_BL2U_HASH_EXT,
- BL2U_HASH_EXT,
- NS_BL2U_HASH_EXT
+ TRUSTED_FW_NVCOUNTER_EXT,
+ NON_TRUSTED_FW_NVCOUNTER_EXT,
+ TRUSTED_BOOT_FW_HASH_EXT,
+ TRUSTED_WORLD_PK_EXT,
+ NON_TRUSTED_WORLD_PK_EXT,
+ SCP_FW_CONTENT_CERT_PK_EXT,
+ SCP_FW_HASH_EXT,
+ SOC_FW_CONTENT_CERT_PK_EXT,
+ SOC_AP_FW_HASH_EXT,
+ TRUSTED_OS_FW_CONTENT_CERT_PK_EXT,
+ TRUSTED_OS_FW_HASH_EXT,
+ NON_TRUSTED_FW_CONTENT_CERT_PK_EXT,
+ NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT,
+ SCP_FWU_CFG_HASH_EXT,
+ AP_FWU_CFG_HASH_EXT,
+ FWU_HASH_EXT
};
#endif /* TBB_EXT_H_ */
diff --git a/tools/cert_create/include/tbbr/tbb_key.h b/tools/cert_create/include/tbbr/tbb_key.h
index 1590309..0becf3f 100644
--- a/tools/cert_create/include/tbbr/tbb_key.h
+++ b/tools/cert_create/include/tbbr/tbb_key.h
@@ -40,10 +40,10 @@
ROT_KEY,
TRUSTED_WORLD_KEY,
NON_TRUSTED_WORLD_KEY,
- BL30_KEY,
- BL31_KEY,
- BL32_KEY,
- BL33_KEY
+ SCP_FW_CONTENT_CERT_KEY,
+ SOC_FW_CONTENT_CERT_KEY,
+ TRUSTED_OS_FW_CONTENT_CERT_KEY,
+ NON_TRUSTED_FW_CONTENT_CERT_KEY
};
#endif /* TBB_KEY_H_ */
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index de15ef6..6d11a27 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -91,16 +91,16 @@
BL32_ID,
BL33_ID,
/* Certificate file names (outputs) */
- BL2_CERT_ID,
+ TRUSTED_BOOT_FW_CERT_ID,
TRUSTED_KEY_CERT_ID,
- BL30_KEY_CERT_ID,
- BL30_CERT_ID,
- BL31_KEY_CERT_ID,
- BL31_CERT_ID,
- BL32_KEY_CERT_ID,
- BL32_CERT_ID,
- BL33_KEY_CERT_ID,
- BL33_CERT_ID,
+ SCP_FW_KEY_CERT_ID,
+ SCP_FW_CONTENT_CERT_ID,
+ SOC_FW_KEY_CERT_ID,
+ SOC_FW_CONTENT_CERT_ID,
+ TRUSTED_OS_FW_KEY_CERT_ID,
+ TRUSTED_OS_FW_CONTENT_CERT_ID,
+ NON_TRUSTED_FW_KEY_CERT_ID,
+ NON_TRUSTED_FW_CONTENT_CERT_ID,
/* Key file names (input/output) */
ROT_KEY_ID,
TRUSTED_WORLD_KEY_ID,
diff --git a/tools/cert_create/src/tbbr/tbb_cert.c b/tools/cert_create/src/tbbr/tbb_cert.c
index 59a1cd9..20be59f 100644
--- a/tools/cert_create/src/tbbr/tbb_cert.c
+++ b/tools/cert_create/src/tbbr/tbb_cert.c
@@ -40,15 +40,15 @@
* field points to itself.
*/
static cert_t tbb_certs[] = {
- [BL2_CERT] = {
- .id = BL2_CERT,
- .opt = "bl2-cert",
+ [TRUSTED_BOOT_FW_CERT] = {
+ .id = TRUSTED_BOOT_FW_CERT,
+ .opt = "tb-fw-cert",
.fn = NULL,
- .cn = "BL2 Certificate",
+ .cn = "Trusted Boot FW Certificate",
.key = ROT_KEY,
- .issuer = BL2_CERT,
+ .issuer = TRUSTED_BOOT_FW_CERT,
.ext = {
- BL2_HASH_EXT
+ TRUSTED_BOOT_FW_HASH_EXT
},
.num_ext = 1
},
@@ -60,104 +60,104 @@
.key = ROT_KEY,
.issuer = TRUSTED_KEY_CERT,
.ext = {
- TZ_WORLD_PK_EXT,
- NTZ_WORLD_PK_EXT
+ TRUSTED_WORLD_PK_EXT,
+ NON_TRUSTED_WORLD_PK_EXT
},
.num_ext = 2
},
- [BL30_KEY_CERT] = {
- .id = BL30_KEY_CERT,
- .opt = "bl30-key-cert",
+ [SCP_FW_KEY_CERT] = {
+ .id = SCP_FW_KEY_CERT,
+ .opt = "scp-fw-key-cert",
.fn = NULL,
- .cn = "BL3-0 Key Certificate",
+ .cn = "SCP Firmware Key Certificate",
.key = TRUSTED_WORLD_KEY,
- .issuer = BL30_KEY_CERT,
+ .issuer = SCP_FW_KEY_CERT,
.ext = {
- BL30_CONTENT_CERT_PK_EXT
+ SCP_FW_CONTENT_CERT_PK_EXT
},
.num_ext = 1
},
- [BL30_CERT] = {
- .id = BL30_CERT,
- .opt = "bl30-cert",
+ [SCP_FW_CONTENT_CERT] = {
+ .id = SCP_FW_CONTENT_CERT,
+ .opt = "scp-fw-cert",
.fn = NULL,
- .cn = "BL3-0 Content Certificate",
- .key = BL30_KEY,
- .issuer = BL30_CERT,
+ .cn = "SCP Firmware Content Certificate",
+ .key = SCP_FW_CONTENT_CERT_KEY,
+ .issuer = SCP_FW_CONTENT_CERT,
.ext = {
- BL30_HASH_EXT
+ SCP_FW_HASH_EXT
},
.num_ext = 1
},
- [BL31_KEY_CERT] = {
- .id = BL31_KEY_CERT,
- .opt = "bl31-key-cert",
+ [SOC_FW_KEY_CERT] = {
+ .id = SOC_FW_KEY_CERT,
+ .opt = "soc-fw-key-cert",
.fn = NULL,
- .cn = "BL3-1 Key Certificate",
+ .cn = "SoC Firmware Key Certificate",
.key = TRUSTED_WORLD_KEY,
- .issuer = BL31_KEY_CERT,
+ .issuer = SOC_FW_KEY_CERT,
.ext = {
- BL31_CONTENT_CERT_PK_EXT
+ SOC_FW_CONTENT_CERT_PK_EXT
},
.num_ext = 1
},
- [BL31_CERT] = {
- .id = BL31_CERT,
- .opt = "bl31-cert",
+ [SOC_FW_CONTENT_CERT] = {
+ .id = SOC_FW_CONTENT_CERT,
+ .opt = "soc-fw-cert",
.fn = NULL,
- .cn = "BL3-1 Content Certificate",
- .key = BL31_KEY,
- .issuer = BL31_CERT,
+ .cn = "SoC Firmware Content Certificate",
+ .key = SOC_FW_CONTENT_CERT_KEY,
+ .issuer = SOC_FW_CONTENT_CERT,
.ext = {
- BL31_HASH_EXT
+ SOC_AP_FW_HASH_EXT
},
.num_ext = 1
},
- [BL32_KEY_CERT] = {
- .id = BL32_KEY_CERT,
- .opt = "bl32-key-cert",
+ [TRUSTED_OS_FW_KEY_CERT] = {
+ .id = TRUSTED_OS_FW_KEY_CERT,
+ .opt = "tos-fw-key-cert",
.fn = NULL,
- .cn = "BL3-2 Key Certificate",
+ .cn = "Trusted OS Firmware Key Certificate",
.key = TRUSTED_WORLD_KEY,
- .issuer = BL32_KEY_CERT,
+ .issuer = TRUSTED_OS_FW_KEY_CERT,
.ext = {
- BL32_CONTENT_CERT_PK_EXT
+ TRUSTED_OS_FW_CONTENT_CERT_PK_EXT
},
.num_ext = 1
},
- [BL32_CERT] = {
- .id = BL32_CERT,
- .opt = "bl32-cert",
+ [TRUSTED_OS_FW_CONTENT_CERT] = {
+ .id = TRUSTED_OS_FW_CONTENT_CERT,
+ .opt = "tos-fw-cert",
.fn = NULL,
- .cn = "BL3-2 Content Certificate",
- .key = BL32_KEY,
- .issuer = BL32_CERT,
+ .cn = "Trusted OS Firmware Content Certificate",
+ .key = TRUSTED_OS_FW_CONTENT_CERT_KEY,
+ .issuer = TRUSTED_OS_FW_CONTENT_CERT,
.ext = {
- BL32_HASH_EXT
+ TRUSTED_OS_FW_HASH_EXT
},
.num_ext = 1
},
- [BL33_KEY_CERT] = {
- .id = BL33_KEY_CERT,
- .opt = "bl33-key-cert",
+ [NON_TRUSTED_FW_KEY_CERT] = {
+ .id = NON_TRUSTED_FW_KEY_CERT,
+ .opt = "nt-fw-key-cert",
.fn = NULL,
- .cn = "BL3-3 Key Certificate",
+ .cn = "Non-Trusted Firmware Key Certificate",
.key = NON_TRUSTED_WORLD_KEY,
- .issuer = BL33_KEY_CERT,
+ .issuer = NON_TRUSTED_FW_KEY_CERT,
.ext = {
- BL33_CONTENT_CERT_PK_EXT
+ NON_TRUSTED_FW_CONTENT_CERT_PK_EXT
},
.num_ext = 1
},
- [BL33_CERT] = {
- .id = BL33_CERT,
- .opt = "bl33-cert",
+ [NON_TRUSTED_FW_CONTENT_CERT] = {
+ .id = NON_TRUSTED_FW_CONTENT_CERT,
+ .opt = "nt-fw-cert",
.fn = NULL,
- .cn = "BL3-3 Content Certificate",
- .key = BL33_KEY,
- .issuer = BL33_CERT,
+ .cn = "Non-Trusted Firmware Content Certificate",
+ .key = NON_TRUSTED_FW_CONTENT_CERT_KEY,
+ .issuer = NON_TRUSTED_FW_CONTENT_CERT,
.ext = {
- BL33_HASH_EXT
+ NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT
},
.num_ext = 1
},
@@ -169,9 +169,9 @@
.key = ROT_KEY,
.issuer = FWU_CERT,
.ext = {
- SCP_BL2U_HASH_EXT,
- BL2U_HASH_EXT,
- NS_BL2U_HASH_EXT
+ SCP_FWU_CFG_HASH_EXT,
+ AP_FWU_CFG_HASH_EXT,
+ FWU_HASH_EXT
},
.num_ext = 3
}
diff --git a/tools/cert_create/src/tbbr/tbb_ext.c b/tools/cert_create/src/tbbr/tbb_ext.c
index b0af6f1..1400fbf 100644
--- a/tools/cert_create/src/tbbr/tbb_ext.c
+++ b/tools/cert_create/src/tbbr/tbb_ext.c
@@ -42,133 +42,133 @@
#define NORMAL_WORLD_NVCTR_VALUE 0
static ext_t tbb_ext[] = {
- [TZ_FW_NVCOUNTER_EXT] = {
- .oid = TZ_FW_NVCOUNTER_OID,
+ [TRUSTED_FW_NVCOUNTER_EXT] = {
+ .oid = TRUSTED_FW_NVCOUNTER_OID,
.sn = "TrustedWorldNVCounter",
.ln = "Trusted World Non-Volatile counter",
.asn1_type = V_ASN1_INTEGER,
.type = EXT_TYPE_NVCOUNTER,
.data.nvcounter = TRUSTED_WORLD_NVCTR_VALUE
},
- [NTZ_FW_NVCOUNTER_EXT] = {
- .oid = NTZ_FW_NVCOUNTER_OID,
+ [NON_TRUSTED_FW_NVCOUNTER_EXT] = {
+ .oid = NON_TRUSTED_FW_NVCOUNTER_OID,
.sn = "NormalWorldNVCounter",
.ln = "Normal World Non-Volatile counter",
.asn1_type = V_ASN1_INTEGER,
.type = EXT_TYPE_NVCOUNTER,
.data.nvcounter = NORMAL_WORLD_NVCTR_VALUE
},
- [BL2_HASH_EXT] = {
- .oid = BL2_HASH_OID,
- .opt = "bl2",
+ [TRUSTED_BOOT_FW_HASH_EXT] = {
+ .oid = TRUSTED_BOOT_FW_HASH_OID,
+ .opt = "tb-fw",
.sn = "TrustedBootFirmwareHash",
- .ln = "Trusted Boot Firmware (BL2) hash (SHA256)",
+ .ln = "Trusted Boot Firmware hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
- [TZ_WORLD_PK_EXT] = {
- .oid = TZ_WORLD_PK_OID,
+ [TRUSTED_WORLD_PK_EXT] = {
+ .oid = TRUSTED_WORLD_PK_OID,
.sn = "TrustedWorldPublicKey",
.ln = "Trusted World Public Key",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_PKEY,
.data.key = TRUSTED_WORLD_KEY
},
- [NTZ_WORLD_PK_EXT] = {
- .oid = NTZ_WORLD_PK_OID,
+ [NON_TRUSTED_WORLD_PK_EXT] = {
+ .oid = NON_TRUSTED_WORLD_PK_OID,
.sn = "NonTrustedWorldPublicKey",
.ln = "Non-Trusted World Public Key",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_PKEY,
.data.key = NON_TRUSTED_WORLD_KEY
},
- [BL30_CONTENT_CERT_PK_EXT] = {
- .oid = BL30_CONTENT_CERT_PK_OID,
+ [SCP_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = SCP_FW_CONTENT_CERT_PK_OID,
.sn = "SCPFirmwareContentCertPK",
.ln = "SCP Firmware content certificate public key",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_PKEY,
- .data.key = BL30_KEY
+ .data.key = SCP_FW_CONTENT_CERT_KEY
},
- [BL30_HASH_EXT] = {
- .oid = BL30_HASH_OID,
- .opt = "bl30",
+ [SCP_FW_HASH_EXT] = {
+ .oid = SCP_FW_HASH_OID,
+ .opt = "scp-fw",
.sn = "SCPFirmwareHash",
- .ln = "SCP Firmware (BL30) hash (SHA256)",
+ .ln = "SCP Firmware hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
- [BL31_CONTENT_CERT_PK_EXT] = {
- .oid = BL31_CONTENT_CERT_PK_OID,
+ [SOC_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = SOC_FW_CONTENT_CERT_PK_OID,
.sn = "SoCFirmwareContentCertPK",
.ln = "SoC Firmware content certificate public key",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_PKEY,
- .data.key = BL31_KEY
+ .data.key = SOC_FW_CONTENT_CERT_KEY
},
- [BL31_HASH_EXT] = {
- .oid = BL31_HASH_OID,
- .opt = "bl31",
+ [SOC_AP_FW_HASH_EXT] = {
+ .oid = SOC_AP_FW_HASH_OID,
+ .opt = "soc-fw",
.sn = "SoCAPFirmwareHash",
- .ln = "SoC AP Firmware (BL31) hash (SHA256)",
+ .ln = "SoC AP Firmware hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
- [BL32_CONTENT_CERT_PK_EXT] = {
- .oid = BL32_CONTENT_CERT_PK_OID,
+ [TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
.sn = "TrustedOSFirmwareContentCertPK",
.ln = "Trusted OS Firmware content certificate public key",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_PKEY,
- .data.key = BL32_KEY
+ .data.key = TRUSTED_OS_FW_CONTENT_CERT_KEY
},
- [BL32_HASH_EXT] = {
- .oid = BL32_HASH_OID,
- .opt = "bl32",
+ [TRUSTED_OS_FW_HASH_EXT] = {
+ .oid = TRUSTED_OS_FW_HASH_OID,
+ .opt = "tos-fw",
.sn = "TrustedOSHash",
- .ln = "Trusted OS (BL32) hash (SHA256)",
+ .ln = "Trusted OS hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
- [BL33_CONTENT_CERT_PK_EXT] = {
- .oid = BL33_CONTENT_CERT_PK_OID,
+ [NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
+ .oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
.sn = "NonTrustedFirmwareContentCertPK",
.ln = "Non-Trusted Firmware content certificate public key",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_PKEY,
- .data.key = BL33_KEY
+ .data.key = NON_TRUSTED_FW_CONTENT_CERT_KEY
},
- [BL33_HASH_EXT] = {
- .oid = BL33_HASH_OID,
- .opt = "bl33",
+ [NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
+ .oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
+ .opt = "nt-fw",
.sn = "NonTrustedWorldBootloaderHash",
- .ln = "Non-Trusted World (BL33) hash (SHA256)",
+ .ln = "Non-Trusted World hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH
},
- [SCP_BL2U_HASH_EXT] = {
- .oid = SCP_BL2U_HASH_OID,
- .opt = "scp_bl2u",
+ [SCP_FWU_CFG_HASH_EXT] = {
+ .oid = SCP_FWU_CFG_HASH_OID,
+ .opt = "scp-fwu-cfg",
.sn = "SCPFWUpdateConfig",
- .ln = "SCP Firmware Update Config (SCP_BL2U) hash (SHA256)",
+ .ln = "SCP Firmware Update Config hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH,
.optional = 1
},
- [BL2U_HASH_EXT] = {
- .oid = BL2U_HASH_OID,
- .opt = "bl2u",
+ [AP_FWU_CFG_HASH_EXT] = {
+ .oid = AP_FWU_CFG_HASH_OID,
+ .opt = "ap-fwu-cfg",
.sn = "APFWUpdateConfig",
- .ln = "AP Firmware Update Config (BL2U) hash (SHA256)",
+ .ln = "AP Firmware Update Config hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH,
.optional = 1
},
- [NS_BL2U_HASH_EXT] = {
- .oid = NS_BL2U_HASH_OID,
- .opt = "ns_bl2u",
+ [FWU_HASH_EXT] = {
+ .oid = FWU_HASH_OID,
+ .opt = "fwu",
.sn = "FWUpdaterHash",
- .ln = "Firmware Updater (NS_BL2U) hash (SHA256)",
+ .ln = "Firmware Updater hash (SHA256)",
.asn1_type = V_ASN1_OCTET_STRING,
.type = EXT_TYPE_HASH,
.optional = 1
diff --git a/tools/cert_create/src/tbbr/tbb_key.c b/tools/cert_create/src/tbbr/tbb_key.c
index eaaf1ff..089425a 100644
--- a/tools/cert_create/src/tbbr/tbb_key.c
+++ b/tools/cert_create/src/tbbr/tbb_key.c
@@ -51,25 +51,25 @@
.opt = "non-trusted-world-key",
.desc = "Non Trusted World key"
},
- [BL30_KEY] = {
- .id = BL30_KEY,
- .opt = "bl30-key",
- .desc = "BL30 key"
+ [SCP_FW_CONTENT_CERT_KEY] = {
+ .id = SCP_FW_CONTENT_CERT_KEY,
+ .opt = "scp-fw-key",
+ .desc = "SCP Firmware Content Certificate key"
},
- [BL31_KEY] = {
- .id = BL31_KEY,
- .opt = "bl31-key",
- .desc = "BL31 key"
+ [SOC_FW_CONTENT_CERT_KEY] = {
+ .id = SOC_FW_CONTENT_CERT_KEY,
+ .opt = "soc-fw-key",
+ .desc = "SoC Firmware Content Certificate key"
},
- [BL32_KEY] = {
- .id = BL32_KEY,
- .opt = "bl32-key",
- .desc = "BL32 key"
+ [TRUSTED_OS_FW_CONTENT_CERT_KEY] = {
+ .id = TRUSTED_OS_FW_CONTENT_CERT_KEY,
+ .opt = "tos-fw-key",
+ .desc = "Trusted OS Firmware Content Certificate key"
},
- [BL33_KEY] = {
- .id = BL33_KEY,
- .opt = "bl33-key",
- .desc = "BL33 key"
+ [NON_TRUSTED_FW_CONTENT_CERT_KEY] = {
+ .id = NON_TRUSTED_FW_CONTENT_CERT_KEY,
+ .opt = "nt-fw-key",
+ .desc = "Non Trusted Firmware Content Certificate key"
}
};
diff --git a/tools/fip_create/fip_create.c b/tools/fip_create/fip_create.c
index 5713184..ef533c7 100644
--- a/tools/fip_create/fip_create.c
+++ b/tools/fip_create/fip_create.c
@@ -78,25 +78,25 @@
"rot-cert", NULL, FLAG_FILENAME },
{ "Trusted key certificate", UUID_TRUSTED_KEY_CERT,
"trusted-key-cert", NULL, FLAG_FILENAME},
- { "SCP Firmware BL3-0 key certificate", UUID_SCP_FIRMWARE_BL30_KEY_CERT,
- "bl30-key-cert", NULL, FLAG_FILENAME},
- { "EL3 Runtime Firmware BL3-1 key certificate", UUID_EL3_RUNTIME_FIRMWARE_BL31_KEY_CERT,
- "bl31-key-cert", NULL, FLAG_FILENAME},
- { "Secure Payload BL3-2 (Trusted OS) key certificate", UUID_SECURE_PAYLOAD_BL32_KEY_CERT,
- "bl32-key-cert", NULL, FLAG_FILENAME},
- { "Non-Trusted Firmware BL3-3 key certificate", UUID_NON_TRUSTED_FIRMWARE_BL33_KEY_CERT,
- "bl33-key-cert", NULL, FLAG_FILENAME},
+ { "SCP Firmware key certificate", UUID_SCP_FW_KEY_CERT,
+ "scp-fw-key-cert", NULL, FLAG_FILENAME},
+ { "SoC Firmware key certificate", UUID_SOC_FW_KEY_CERT,
+ "soc-fw-key-cert", NULL, FLAG_FILENAME},
+ { "Trusted OS Firmware key certificate", UUID_TRUSTED_OS_FW_KEY_CERT,
+ "tos-fw-key-cert", NULL, FLAG_FILENAME},
+ { "Non-Trusted Firmware key certificate", UUID_NON_TRUSTED_FW_KEY_CERT,
+ "nt-fw-key-cert", NULL, FLAG_FILENAME},
/* Content certificates */
- { "Trusted Boot Firmware BL2 certificate", UUID_TRUSTED_BOOT_FIRMWARE_BL2_CERT,
- "bl2-cert", NULL, FLAG_FILENAME },
- { "SCP Firmware BL3-0 certificate", UUID_SCP_FIRMWARE_BL30_CERT,
- "bl30-cert", NULL, FLAG_FILENAME},
- { "EL3 Runtime Firmware BL3-1 certificate", UUID_EL3_RUNTIME_FIRMWARE_BL31_CERT,
- "bl31-cert", NULL, FLAG_FILENAME},
- { "Secure Payload BL3-2 (Trusted OS) certificate", UUID_SECURE_PAYLOAD_BL32_CERT,
- "bl32-cert", NULL, FLAG_FILENAME},
- { "Non-Trusted Firmware BL3-3 certificate", UUID_NON_TRUSTED_FIRMWARE_BL33_CERT,
- "bl33-cert", NULL, FLAG_FILENAME},
+ { "Trusted Boot Firmware BL2 certificate", UUID_TRUSTED_BOOT_FW_CERT,
+ "tb-fw-cert", NULL, FLAG_FILENAME },
+ { "SCP Firmware content certificate", UUID_SCP_FW_CONTENT_CERT,
+ "scp-fw-cert", NULL, FLAG_FILENAME},
+ { "SoC Firmware content certificate", UUID_SOC_FW_CONTENT_CERT,
+ "soc-fw-cert", NULL, FLAG_FILENAME},
+ { "Trusted OS Firmware content certificate", UUID_TRUSTED_OS_FW_CONTENT_CERT,
+ "tos-fw-cert", NULL, FLAG_FILENAME},
+ { "Non-Trusted Firmware content certificate", UUID_NON_TRUSTED_FW_CONTENT_CERT,
+ "nt-fw-cert", NULL, FLAG_FILENAME},
{ NULL, {0}, 0 }
};